Demo

After starting the Docker Daemon,

# start asciinema recording
asciinema rec ~/Desktop/containerization.cast -i 2

Show the app

cat app.py

Show the naive Dockerfile

cat Dockerfile.single

Build & check size

docker build -t flask-single -f Dockerfile.single .
docker images | grep flask

Inspect layers

docker history flask-single

Show the multi-stage Dockerfile

cat Dockerfile.multi

Build & compare

docker build -t flask-multi -f Dockerfile.multi .
docker images | grep flask

Inspect layers again

docker history flask-multi

Use dive

dive flask-multi

Run both images

docker run -d -p 5001:5000 flask-single
docker run -d -p 5002:5000 flask-multi

Visit:

http://localhost:5001 (single-stage)

http://localhost:5002 (multi-stage)

stop containers:

docker stop $(docker ps -q)

Scanning

IMAGE_NAME="flask-single"
trivy image $IMAGE_NAME

# Scan with specific severity levels
trivy image --severity HIGH,CRITICAL $IMAGE_NAME

# Generate JSON report
trivy image --format json --output "scans/results-${IMAGE_NAME//[:\/]/-}-$(date +%Y-%m-%d).json" $IMAGE_NAME

# Custom script, to summarize HIGH/CRITICAL vulnerabilities, and to use in CI/CD later.
./trivy_vulnerability_counter.sh $IMAGE_NAME

Docker-compose

# Step 1: Build using bake (faster, parallel, better caching)
# using docker-bake.hcl
docker buildx bake --load

cat compose.yml

# resource limits
docker inspect <container_name>
docker stats --no-stream <container_name>

# Step 2: Run containers (no rebuild needed, images are already loaded)
docker compose up

# Or, just `docker compose up` directly.
# Or, to also re-build:
# docker compose up --build

# http://localhost:5001 → single-stage container
# http://localhost:5002 → multi-stage container

# Ctrl + c, stop containers.

docker compose down

Cleanup

Optionally, show cleanup of stopped containers and images, from CLI, Docker Desktop or both.

docker images
docker rmi -f <image-name> <another-image-name>

# Finish asciinema
exit
enter
asciinema upload ~/Desktop/containerization.cast